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Application/Control Number: 09/392,938 
Art Unit: 2172 

DETAILED ACTION 
Claim Objections 

1 . Claims 1 9 and 20 objected to because of the following infomialities: 
a Refemng toclaim 19: 

i. A comma is missing between the number "17" and the word 

"wherein" on line 20, page 32. 

b Referring to claim 20: 

i. A comma is missing between the number "17" and the word 

"wherein" on line 1 , page 33. 

ii. A word "to" is missing between the words "response and 

"detecting". 

Appropriate correction is required. 

Claim Rejections • 35 USC § 102 

2 The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

'anUer filed in the United S'=<^,''*'« ^er TS^^^^^^^^ ^» 

irn?rpSrrr^ar;s^^ 

of such treaty in the English language. 

3. Claims 1 through 20 rejected under 35 U.S.C. 102(e) as being anticipated 

byRowney (US 5,987,140). 

a. Referring to claim 1 : 

i. Rowney teaches: 

(1) a server processing unit and a server memory device 
electrically coupled to the server processing unit [i.e., a workstation having a central 
processing unit, such as a microprocessor, and a number of other un.ts 
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(including a Random Access Memory (RAM) and Read Only Memory(ROM)) 
interconnected via a system bus (column 4, line 1 -10)1, 

(2) a client processing unit and a client memory device 
electrically coupled to the client processing un« U-e.. a personal computer having a 
central processing unit, such as a microprocessor, and a number o. other unrts 
(including a Random Access Memo,y (RAM) and Read Only Memory(ROM)) 
interconnected via a system bus (column 4, line 1 -1 0)1, 

(3) a server program module, stored in the seiver 

memo^ device, for providing inst^ctions fo the server processing 

workstation typically has installed an operating system such as the IBM OS/2 

operating system or UNIX operating system (column 4, line 15-20)1, 

(4) a client program module, stored in the client memory 
device, for providing instructions to the client processing unit [I.e.. the ^rsona. 
computer Includes an operating system such as the Microsoft Wmdows 
Operating System (OS) (column 4, 15-17)1, and .. ,„ 

(5) a communication medium, communicatively coupling 
the server processing unit and the client processing unit [i.e., secure transmission of 
data IS provided between a plurality of computer systems over a public 
communication systems, such as the internet (column 2, line 60-62)1: 

(6) the client processing unit, responsive to the 
instruction of the client program module and the se^er processing unit, responsive to 
the instmdions of the sen/er program module [figure 21, being operative to: 

(a) authorize access to the system [I.e., customer 
computer system transmits a client certificate to enable customer computer 
system to authenticate the identity of customer computer system (column 11, hne 
30 -34)1 • 

(b) generate at least one electronic document 
[ie customer computer system initiates communication by sending "client 
hello" message to the merchant computer system (column 10, line 31-33)]; 
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(c) prevent the creation of fraudulent versions of 
the electranic document [i.e., by using a set of encryption keys to communicate 
witi, each other whe« the Keys may be used to decrypt further communicafons 
betv,een the two computer systems, which may thereafter engage in secure 
communications with less risk of Interception by third parties (column 11, line 53- 

(d) allow electronic signatures to be associated 
with the electronic document [I.e., provide a server key exchange message, which 
may be used by a client to decrypt message sent by the server (column 11, Ime 

20-24)1; and . , . 

(e) maintain an authoritative copy of the electronic 

document in the server memory device of the se^er processing unit [i.e., merchant 
computer system stores capture response for later use In by legacy system 
accounting program, e.g. to perform reconciliation between the merchant 
operating merchant computer system and the flnancial institution from whom 
payment was requested, thereby completing the transaction (column 20, hne 3- 

8)1- , 

b. Referring to claim 2 which depends on claim 1 : 

i. Rowney further teaches: 

(1) the client processing unit [I.e., Figure 1A] 

(a) receiving access information from the input 
device [l.e., server certlfcate enables customer computer system to authenticate 
the identity of merchant computer system (column 11, line 14-17)], 

(b) transmitting the access information to the 
server over the communication medium [I.e., customer computer system transmits 
Client certificate to the merchant computer system enabling the server to 
authenticate the identity of customer computer system (column 11. line 30-34)]. 
and 
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(c) receiving an authorization indicator from the 

rrr::::: : - - ~ ... «... . .e- . .... 

encrypted communications (column 11, line 10.13)1; and 

,he server processing unit D.e.. Figure 1 A) 

(a) receiving the access information from the client 

transmMing an authorized indicator to the client 

communications {column 11, line 10-13)1; 

0. Referring to claim 3 which depends on claim 1 . 
1. Rowney further teaches: 

(1) the client processing unit [i.e.. Figure 1A1 

(a) receiving pertinent information from the input 

system (column 10, line 61.62),,^and ^^^^^^^^ ^^^^^^ ^„ 
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specify goods or services to be orde«d and payment inft.m,a.ion (coiumn 11, 
line 59-63)1;. 

d. Referring to claim 4 which depends on claim 3. 
i Rowney further teaches: 

(1) receiving a complete Indicator from the input device. 

iincz— — 

63)1; 

e. Referring to claim 5: 

i Rowney further teaches: 

(1) an input device electrically coupled to the client 

. oftomnts to modify the electronic document [i.e., payment gaie y 

14)1. 

f. Referring to claim 6: 
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i Rowney further teaches: 

(1) an input device electrically coupled to the client 
processing unit and wherein the client processing unit and the server processing ur.t 
"Z^e to prevent the creation of fraudulent versions of the electron, document 
the lent prLssing unit, in response to generating the e-tro- d^^^^^^^^^^ 
Irvntina the electronic document and generating a signature key based at least 

.«mhines basic authorization request, a copy ot its encryn *' 

comprising basic authorization request Tl,e J; 

, 1,,^ diaital signature by first calcuiating a "message digest based upon 
caiculat^ '•'^^ Jbasic authorization .quest. Message digest help 

.he contents of ^^^^ ,,^„;„, message would 

:r l^rr-^- .ge. . then enc^.d using the merchant 

computer system's digital signature private Key (column 12, .me 43^5),. 

g. Referring to claim 7: 

i. Rowney further teaches: 

(1 ) the client processing unit [i.e. Figure 1 A] 

(a) in response to generating the electronic 

(coiumn 12, line 63^5)1, and , ^^,^^3, attempt to modify the 

e-nicdooument,re«ee.ot.™odo^^^^^ 

certificates by calculating a message over the content ot 

:rri»tL request, then decrypting digital signature to obtain a copy of the 
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exact -message calculated by the merchant computer system. If the two 
melses a.' the same, the ..ta, signature is v-ated -e-^^^^^ 
gateway computer system rejects the authorisation request (column 14. 

14)1. 

h. Referring to daim 8; 

i. Rowneyfurtlierteacties; 

(1 ) the client processing unit [i.e., Figure 1 A] 

(a) receiving at least one signature input from the 

.put device [l.e.. payment gateway computer system -Ives and^^^^^^^ 
Ichant computer system's encryption and signature publ.c Key cerfficates. 
and as well as digital signature (column 13, line 54-58)1, 

""^ (b) creating a signature file containing the 

14, line 25^5,1, and ^^^^^^^ ^^^^^ ^ 

encryption Key .ha. is based a. ieas. in part on .he contents o, the eieCronic d— 
; e paymen computer system calculates a digital signature by flrst calculatm 
Message digest based on the contents o, the combined -"^^c 
Ts^nse and the signature public Key certificate. The message d.ges, .s the 
Zpted using the merchant computer system's digital signature pnvate Key 

(column 14, line 40-50)]. 

i. Referring to claim 9: 

i. Rowney furtiier teaches: 

(1 ) the client processing unit [i.e., Figure 1 A] 

(a) receiving a submit indicator from the input 
device [i e in order to obtain payment from the customer, the merchant must 
Z^l^ payment information to the ban. or other payment gateway 
responsible for the payment method (column 11, line 65-68)]. and 
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(b) in response to receiving the submit indicator, 
transmMing the eleC^nic document and the electronic signatures associated w«h the 
electronic document to the server processing unit overthe communlcat^n medium -e 
.he merchant computer systems trans^iu a payment au.hon«..on s.^y 
combining basic authorization request, a copy of iU encryption pubi.c key 
certificate and a copy C its signature public key cer«ficate. it ^"'^'^'^^ 
a digital signature for the combined contents/messages o, the combined bioc 

comprising basic authorization request, .hen transmits over the co ,cat,on 

networi( (column 12, line 43-53)1; and . 

(2) the server processing unit [i.e., Figure lAl 

(a) receiving the electronic document and the 
electronic signatures [i.e., payment gateway computer system receives a payment 
authorization request and verifies merchant computer system's encryption nd 
slgl. public key cert^cates, and as well as digit,, signature (column 13. line 

(b) preventing any modifications to the electronic 
aocument and the signature file [U., tben decrypting diglU. ^ ""'J;'^ 
copy of the exact message calculated by the merchant computer system. If the 
Jmessages a™ the same, the digital signature is validated 0**-- P'V 
gateway computer system rejects the authorization request (column 14. line 

^"^ (0) providing an unauthorized copy indicator on 

any elec.rt,nic and hard copies of the electronic document, the ""-^"-^ 
i„d cator indicating that the electronic and haid copies of the electronic document 
not the authoritat^e copy o, the electronic document p.e.. payment gateway compute 
system contacts the appropriate financial institution using a secure means e^g a 
dLtKlia. modem.tOH.odem connecfion. or a proprietary Interna, ne^.ork that . 
1 accessible to third parties, and using prior a. means, obta^s a ..sp se 
indicating whether the requested payment is authorized (column 14. Ime 16-24)]. 
j. Referring to Claim 10: 
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i Rowney teaches: 

(1) receiving a set of input information from an input 
source, the set of input in.om,a.ion including a subset of information necessarv to 
generate an electronic document p.e.. payment gateway system recedes and 
processes a payment authorization request from the merchant (column 12. line 

(2) In response to receiving a complete indicator from the 
input source, the complete Indicator Indicating that the received subset of input 
lnforma«on Is complete, generating an electronic document by '^'^'"^^^^^ 
input in.om,a,ion v,ith a document template [I.e., the gateway system then g n 

the basic authorization response and combines i. with a copy of ,ts s.gn*^ure 
Zbllc Key certiflcate. The data request Is then encrypted using he merch^n 
computer system's diglU. signature private Key and transmits ,. bacK to the 
merchant computer system (column 14, line 25-50)1; 

(3) receiving a set of electronic signatures from the ,nput 

source, whereby up receiving the set of electronic signatures, the electronic document 
is considered an electronic agreement [I.e., «,e merchant computer system then 
ecrypts digital signature to obtain a copy of the equivalent <"«a 'equest If h 
two data requests are the same, the dlglU.1 signature is validated (column 16, Ime 

^"^ (4) in response to receiving a submit Indicator, storing the 

electronic agreement w.hln an ac^ss restricted computer system, the stor^ elect,.nic 
agreement constKuting an authoritath,e copy of the electronic J^-' *; 

merchant computer system stones capture response for later use .n by legacy 
system accounting program. In which to perform -.conciliation between * 
merchant and the fmanola. Institution, thereby completing the transachon 

(coluimn 20, line 3-8)]. 

k. Referring to claim 1 1 which depends on claim 1 0: 

i. Rowney further teaches: 
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(1) after the generating step, the step of providing a 
signature indicator to the input source, the signature indicator indicating that the 
generating step is complete and that the electronic documents requires the input of the 
set of electronic signatures [i.e.. payment gateway computer system validates 
merchant digital signature (column 14, line 1-2)]. 

I. Referring to claim 1 2 which depends on claim 1 1 : 
i. Rowney further teaches: 

(1) the step of encrypting the electronic document [i.e., 
the payment gateway computer system calculates digital signature by first 
calculating a message digest based on the contents of the combined bas.c 
authorization response and signature public key certificate. The message digest 
is then encrypted using the merchant computer system's digital signature private 

key (column 14, line 25-50)1; 

m. Referring to claim 13 which depends on claim 12; 
i. Rowney further teaches: 

(1 ) the step of preventing the electronic document from 
being modified [i.e., the payment gateway computer system uses a message digest 
method to detect if the contents have been altered. The message digest ,s the 
fixed-length result that is generated when a variable length message is fed mto a 
one-way hashing function. It helps verify that a message has not been altered 
because altering the message would change the digest (column 12, line 554i5)l. 
n. Referring to claim 1 4 which depends on claim 1 0; 
i. Rowney further teaches: 

(1) prior to the storing step. 

(a) the step of encrypting the set of electronic 
signatures using an encw«on key li.e.. payment gateway computer systern 
encrypts combined block using random encryption key RK-1 to form encrypted 
combined block. It then encrypts random encryption key RK-1 using the public 
key of merchant computer system to form encrypted random key RK (column 14, 
line SS-68)], 
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(b) the encryption key being based, at least in 
part, on the contents of the electronic document [i.e., the payment gateway 
computer system calculates digital signature by first calculating a message 
digest based on the contents of the combined basic authorization response and 
signature public key certificate. The message digest is then encrypted using the 
merchant computer system's digital signature private key (column 14, line 25- 
50)], whereby 

(c) if the contents of the electronic document are 
modified, the electronic signatures and the electronic agreement will be invalid [i.e., 
after decrypting digital signature to obtain a copy of the exact message 
calculated by the merchant computer system, if the two messages are the same, 
the digital signature is validated. Otherwise, payment gateway computer system 
rejects the authorization request, and the electronic agreement is counterfeit 

(column 14, line 4-14)]. 

o. Referring to claim 1 5 which depends on claim 1 0: 
i. Rowney further teaches: 

(1) the step of providing an indicator that the set of 
electronic signatures has been received and that the electronic agreement is 
complete [i.e., payment gateway computer system receives a payment 
authorization request and verifies merchant computer system's encryption 
and signature public key certificates, and as well as digital signature 
(column 13, line 54-58)]. 

p. Referring to claim 16: 
i. Rowney teaches: 

(1) a client device receiving a set of input information 
from an input source, the set of input information including a subset of information 
necessary to generate an electronic document and a set of signatures necessary to 
make the electronic document a binding agreement [i.e., payment gateway computer 
system receives and processes a payment authorization request from the 
merchant, where the authorization request combines with a copy of its encryption 
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public key certificates and a copy of its signature public key certificate (column 

12, line 15-20 and line 43-48)]; 

(2) a client device encrypting the electronic document 

using a first key and the set of signatures using a second key. the second key being 
based at least in part on the contents of the electronic document, whereby any 
modifications to the electronic document would result in invalidating the set of 
signatures [I.e., the payment gateway computer system uses Its private key to 
encrypted random key contained within received merchant authorization request, 
thereby decrypting it and obtaining a cleartext version of random key RK-0, the 
gateway system then applies random key RK-0 to encrypted combined block, 
thereby decrypting it and obtaining a cleartext version of combined block. 
Finally the gateway system decn^pts digital signature to obtain a copy of the 
equivalent data request. If the two data requests are the same, the digital 
signature is validated. If the validation falls, the gateway computer system 
rejects the authorization request (column 13, line 45-53; and column 14, line 8- 
14)]; 

(3) a client device transferring the encrypted electronic 
document and the encrypted set of signature to a server device over a communication 
medium the server device being access restricted, the stored electronic document and 
set of signature constituting the only authoritative copy of the electronic agreement [i.e., 
the merchant computer system stores capture response for later use in by legacy 
system accounting program, in which to perform reconciliation between the 
merchant and the financial Institution, thereby completing the transaction 

(coluimn 20, line 3-8)]. 

q. Referring to claim 17: 
i. Rowney teaches: 

(1) a client processing uint [i.e.. Figure 1A]; 

(2) a client memory device [i.e., Figure 1A, a Random 
Access Memory (RAM) 14 and Read Only Memory (ROM) 16], 
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(a) a display device [I.e., Figure 1A, display 

device (38)] and 

(b) an input device [I.e., Figure 1A, a keyboard 
(24), a microphone (32), a mouse (26), and a speaker (28)] 

(3) a client program module, stored in the client memory, 
for proving instructions to the client processing unit [i.e., the personal computer or 
workstation typically has resident an operating system such as the Microsoft 
Windows Operating System(OS), the IBM OS/2 operating system, etc.. (column 4, 
line 14-16)]; 

(4) a communication medium, communicatively coupling 
the client system to the electronic document system [i.e.. Figure 1A, communication 
adapter (34) for connecting the personal computer or workstation to a 
communication network, which operates with a secure communication protocol 
such as the SSL protocol (column 4, line 10-13 and column 10, line 7-8)] 

(5) the client processing unit [I.e., Figure 1A], responsive 
to the instructions of the client program module, being operative to: 

(6) authorize access to the electronic document system 
by [I.e., customer computer system transmits a client certificate to enable 
merchant computer system to authenticate the Identity of customer computer 
system (column 11, line 30-34)] 

(a) receiving access information from the input 
device [i.e., server certificate enables customer computer system to authenticate 
the identity of merchant computer system (column 11, line 14-17)], 

(b) transmitting the access information to the 
server over the communication medium [i.e., customer computer system transmit 
client certificate to the merchant computer system enabling the server to 
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authenticate the identity of customer computer system (column 11. line 30-34)]. 

and 

(c) receiving an authorization indicator from the 
server pK,cessing unit over the communication medium [i.e., server hello message 
includes an indicator of the cryptographic algorithms selected from among the 
algorithms specified by client hello message, which will be used In further 
encrypted communications (column 11, line 10-13)1; 

(7) generate at least one electronic document [I.e., 
customer computer system inl«a»es communication by sending "client hello- 
message to the merchant computer system (column 10, line 31 -33)]; 

(8) prevent the creation of fraudulent versions of the 
electronic document [I.e.. by using a set of encryption keys to communicate wi* 
each other where the Iceys may be used to decrypt further communications 
between the two computer systems, which may thereafter engage ,n secure 
communications wi«, less risk of interception by third parties (column 11, hne 53- 
58)1; 

(9) allow electronic signatures to be associated with the 
electronic document by [I.e., receiving a server key exchange message, whici, may 
be used by a client to decrypt further message sent by the server (column 11 , hne 
20-24)1 

(a) receiving a set of signatures from the input 
device [i.e., receiving a server Key exchange message, which may be used by a 
client to decrypt further message sent by the server (column 11. line 20-24)1 

(b) creating at least one signature file containing 
the set of signature [I.e., establishing a client key exchange message which may be 
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used by the server to decrypt message sent by the client (column 11, line 40-44)] , 

and 

(c) encrypting the signature using a encryption key 
that is based at least in part on the contents of the electronic document [I.e., using a 
set of encryption keys to communicate with each other where the keys may be 
used to decrypt further communications between the two computer systems 
(column 11, line 53-55)]; and 

(10) transfer the electronic document and the encrypted 
signature file to the server over the communication medium [i.e., client transmit a 
complete message to the server by including a set of encryption keys, which may 
thereafter engage in secure communications with less risk of interception by 
third parties (column 11, line 45-58)]; 

r. Referring to claim 1 8 which depends on: 
i. Rowney further teaches: 

(1) receiving pertinent information from the input device 
[i.e., server hello message allowing client to connect with merchant computer 
system (column 10, line 61-62)],; and 

(2) merging the pertinent Information with predefined 
document information to generate an electronic document conforming to a predefined 
document format [I.e., combining the server message and client hello message 
sent by customer computer system or client wherein the message that specify 
goods or services to be ordered and payment information (column 11, line 59- 
63)]. 

s. Referring to claim 1 9 which depends on claim 1 7: 
i. Rowney further teaches: 

(1) the client processing unit is operative to prevent the 
creation of fraudulent versions of the electronic document by, after generating the 
electronic document, encrypting the electronic document and rejecting any attempts to 
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enter additional pertinent information [i.e., the payment gateway computer system 
uses a message digest method to detect if the contents have been altered. The 
message digest is the fixed-length result that is generated when a variable length 
message is fed into a one-way hashing function. It helps verify that a message 
has not been altered because altering the message would change the digest. The 
message digest is then encrypted using the merchant computer system's digital 
signature private key (column 12, line 55-65)]. 

t. Referring to claim 20 which depends on claim 1 7: 
i. Rowney further teaches: 

(1) detecting an attempt to modify the electronic 
document [i.e., the payment gateway computer system uses a message digest 
method to detect if the contents have been altered. The message digest is the 
fixed-length result that is generated when a variable length message is fed into a 
one-way hashing function. It helps verify that a message has not been altered 
because altering the message would change the digest (column 12. line 55-63). 
and 

(2) in response to detecting an attempt, rendering the 
electronic document invalid [i.e., after decrypting digital signature to obtain a copy 
of the exact message calculated by the merchant computer system, if the two 
messages are the same, the digital signature is validated. Othenvise. payment 
gateway computer system rejects the authorization request, and the electronic 
document is counterfeit (column 14, line 4-14)]. 

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to 

applicant's disclosure. 

a. Susaki et al. US 6. 327. 658 discloses a distributed object system 

including at least one object distributing server, at least one client terminal and at least 
one server object execution server. 
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b. Parsons, Jr. et al. US 6. 085, 247 discloses a server operating 
system supports multiple client-server sessions and enables a user to begin a session 
and later dynamically reconnect to that session even if the user uses two different client 
computers. 

Any inquiry concerning this communication or eariier communications from 
the examiner should be directed to Thanhnga (Tanya) Truong whose telephone number 
is 703-305-0327. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on 703-305-4393. The fax phone 
numbers for the organization where this application or proceeding is assigned are 703- 
746-7239 for regular communications and 703-746-7238 for After Final 
communications. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 703- 
305-3900. 
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